
Re: Packages and signatures



On Thu, Jan 18, 2001 at 11:48:10PM -0300, Nicolás Lichtmaier wrote:
> > The problem with signing packages is that you can't trust a computer
> > to do it for obvious reasons (like building/installation of packages
> > being done as root).
 
>  Again with different words: A key used by "dinstall" (or whatever its name
> is now) will have the same degree of security/trust that packages that are
> now built with it.

A package that has been signed by a dinstall key would have a bit
more security - it verifies that the package has indeed passed the 
dinstall process or someone has hacked the process.

In the latter case, we have a lot more to worry about than fake 
signatures.

What matters is that a DNS-spoofed mirror with fake packages 
would have unsigned packages.

Still, I think that the binaries should be signed by both
the maintainer and dinstall. So that the real paranoid
folk can start traveling around the world and gather 
a web of trust to all packages they use x)

>  It's sad that this misconception has prevented Debian from using signed
> packages for so long.

This is the Debian symptom. If we can't make a perfect solution, 
we won't do a better-than-current solution.

-- 
Riku Voipio  	       |    riku.voipio@iki.fi         |
kirkkonummentie 33     |    +358 50 3313498          --+--
02140 Espoo            |                               |
Facts do not cease to exist because they are ignored.  |



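The dual-signature policy proposed in the message above, as an added example that is not part of the original thread and is not Debian's or dinstall's actual mechanism. It assumes a constructed package format (a `SignedPackage` struct holding the contents plus two detached Ed25519 signatures), constructed payload bytes, and freshly generated maintainer and dinstall keys; the point it shows is that a client verifying both signatures rejects an unsigned substitute (what a DNS-spoofed mirror could serve), a substitute carrying copied signatures over altered contents, and a package signed by dinstall alone.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// Sentinel errors so a caller can tell "nobody signed this" (what a spoofed
// mirror serving unsigned substitutes produces) apart from "someone signed
// it, but not with the expected key" (altered contents or a forged key).
var (
	ErrMissingSignature = errors.New("package lacks a required signature")
	ErrBadSignature     = errors.New("signature does not verify")
)

// SignedPackage is a constructed stand-in for a binary package plus two
// detached signatures: one from the maintainer who built it, one added by
// the archive's dinstall key once the package passed dinstall.
type SignedPackage struct {
	Name          string
	Contents      []byte
	MaintainerSig []byte
	DinstallSig   []byte
}

// Verify accepts a package only if BOTH signatures are present and valid
// for the contents. Rejecting on a missing signature is what lets a client
// notice a mirror that hands out unsigned substitutes.
func Verify(pkg SignedPackage, maintainerPub, dinstallPub ed25519.PublicKey) error {
	if len(pkg.MaintainerSig) == 0 || len(pkg.DinstallSig) == 0 {
		return fmt.Errorf("%s: %w", pkg.Name, ErrMissingSignature)
	}
	if !ed25519.Verify(maintainerPub, pkg.Contents, pkg.MaintainerSig) {
		return fmt.Errorf("%s: maintainer %w", pkg.Name, ErrBadSignature)
	}
	if !ed25519.Verify(dinstallPub, pkg.Contents, pkg.DinstallSig) {
		return fmt.Errorf("%s: dinstall %w", pkg.Name, ErrBadSignature)
	}
	return nil
}

// RunScenario generates fresh maintainer and dinstall key pairs, signs one
// genuine package, and checks four deliveries a client might receive.
// The map is keyed by scenario name; a nil value means the package was accepted.
func RunScenario() map[string]error {
	maintPub, maintPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	dinstPub, dinstPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}

	// Constructed payload; a real client would hash/verify the .deb bytes.
	contents := []byte("constructed payload for foo_1.0-1 (hypothetical package)")
	genuine := SignedPackage{
		Name:          "foo_1.0-1",
		Contents:      contents,
		MaintainerSig: ed25519.Sign(maintPriv, contents),
		DinstallSig:   ed25519.Sign(dinstPriv, contents),
	}

	// A spoofed mirror that replaced the file holds neither private key,
	// so its substitute arrives with no signatures at all.
	fromSpoofedMirror := SignedPackage{Name: "foo_1.0-1", Contents: []byte("substituted payload")}

	// A substitute that copies the genuine signatures over altered contents:
	// the signatures are present but no longer verify.
	tampered := genuine
	tampered.Contents = []byte("substituted payload")

	// Signed by dinstall only: fine under a dinstall-only policy, but the
	// "both maintainer and dinstall" policy rejects it as incomplete.
	dinstallOnly := genuine
	dinstallOnly.MaintainerSig = nil

	return map[string]error{
		"genuine":       Verify(genuine, maintPub, dinstPub),
		"unsigned":      Verify(fromSpoofedMirror, maintPub, dinstPub),
		"tampered":      Verify(tampered, maintPub, dinstPub),
		"dinstall-only": Verify(dinstallOnly, maintPub, dinstPub),
	}
}

func main() {
	for name, err := range RunScenario() {
		if err == nil {
			fmt.Printf("%-14s accepted\n", name)
		} else {
			fmt.Printf("%-14s rejected: %v\n", name, err)
		}
	}
}
```

The two sentinel errors are deliberate: an unsigned package points at the distribution path (mirror, download), while a present-but-invalid signature points at altered contents or a key that is not the one the client trusts, and an operator would want to log and respond to those differently.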